public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stdenv: Move paxmark function to paxctl's setup hook

Browse Source
This commit is contained in:
Eelco Dolstra 2014-06-30 14:26:23 +02:00
parent d7b356f73b
commit 9f822e5477
5 changed files with 16 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/os-specific/linux/paxctl/default.nix
View File

@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
"MANDIR=share/man/man1" "MANDIR=share/man/man1"
]; ];
setupHook = ./setup-hook.sh;
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "A tool for controlling PaX flags on a per binary basis"; description = "A tool for controlling PaX flags on a per binary basis";
homepage = "https://pax.grsecurity.net"; homepage = "https://pax.grsecurity.net";

8
pkgs/os-specific/linux/paxctl/setup-hook.sh Normal file
View File

@ -0,0 +1,8 @@
# PaX-mark binaries.
paxmark() {
local flags="$1"
shift
paxctl -c "$@"
paxctl -zex -${flags} "$@"
}

1
pkgs/stdenv/generic/builder.sh
View File

@ -12,7 +12,6 @@ cat "$setup" >> $out/setup
sed -e "s^@initialPath@^$initialPath^g" \ sed -e "s^@initialPath@^$initialPath^g" \
-e "s^@gcc@^$gcc^g" \ -e "s^@gcc@^$gcc^g" \
-e "s^@shell@^$shell^g" \ -e "s^@shell@^$shell^g" \
-e "s^@needsPax@^$needsPax^g" \
< $out/setup > $out/setup.tmp < $out/setup > $out/setup.tmp
mv $out/setup.tmp $out/setup mv $out/setup.tmp $out/setup

8
pkgs/stdenv/generic/default.nix
View File

@ -10,8 +10,6 @@ let lib = import ../../../lib; in lib.makeOverridable (
, setupScript ? ./setup.sh , setupScript ? ./setup.sh
, extraBuildInputs ? [] , extraBuildInputs ? []
, skipPaxMarking ? false
}: }:
let let
@ -56,9 +54,6 @@ let
inherit preHook initialPath gcc shell; inherit preHook initialPath gcc shell;
# Whether we should run paxctl to pax-mark binaries
needsPax = result.isLinux && !skipPaxMarking;
propagatedUserEnvPkgs = [gcc] ++ propagatedUserEnvPkgs = [gcc] ++
lib.filter lib.isDerivation initialPath; lib.filter lib.isDerivation initialPath;
} }
@ -181,6 +176,9 @@ let
|| system == "armv6l-linux" || system == "armv6l-linux"
|| system == "armv7l-linux"; || system == "armv7l-linux";
# Whether we should run paxctl to pax-mark binaries.
needsPax = isLinux;
# For convenience, bring in the library functions in lib/ so # For convenience, bring in the library functions in lib/ so
# packages don't have to do that themselves. # packages don't have to do that themselves.
inherit lib; inherit lib;

19
pkgs/stdenv/generic/setup.sh
View File

@ -337,22 +337,9 @@ fi
export NIX_BUILD_CORES export NIX_BUILD_CORES
###################################################################### # Dummy implementation of the paxmark function. On Linux, this is
# Misc. helper functions. # overwritten by paxctl's setup hook.
paxmark() { true; }
# PaX-mark binaries
paxmark() {
local flags="$1"
shift
if [ -z "@needsPax@" ]; then
return
fi
paxctl -c "$@"
paxctl -zex -${flags} "$@"
}
###################################################################### ######################################################################